Twitter Police shows that 24 isn't a world-saving number

It seems that a 24-hour day in the life of a police officer is not as exciting as the TV series 24 portrays. Whilst Jack Bauer might be out saving the world from terrorism and nuclear attack against the country, it seems that Twitter has proven that this isn't an average day.

This was part of a social experiment which saw Greater Manchester Police tweeting every report that was filed by their call center. It seems the average day for the police is more likely to involve responding to incidents of rape and disorderly conduct than averting worldwide disaster.

The closest the force encountered to nuclear attacks and rockets was a gang of youths throwing lit fireworks. Something tells me they weren’t Al Qaeda trainees but insolent youths.

Girls seem to have taken a fair beating, having been run down in hit-and-run incidents and bitten by dogs.

Manchester Evening News has done an analysis of the data and found the results to be very interesting. The reason behind the experiment was to show that official statistics do not really reflect the force's activities. Given the amount of data collected, this quite possibly will be the case. For large chunks of the time the force was called to minor offenses, and there was a disturbing number of calls that were fake.




Goat Marriage calls from boys on Twitter!

An alarming number of people have been posting on Twitter about relationships with goats. Perhaps it is time for the law to be revised to open up marriage between the boys and the goats. It is in the interest of equal opportunities and equal rights of course!

In all seriousness however, it turns out that Twitter is facing the second worm in the space of a week. It highlights the potential security issues associated with using Twitter, again. The users seem like they are not going to learn.

This time it was caused by basically the same flaw as the previous one, with much the same effect. However, this time the resulting messages all seem to have more or less the same content. The users of the site have realised they have been accidentally posting humiliating content about their relationships with goats.

Given the nature of this threat and the similarity to the previous attack, I wonder if this has been generated by the same hacker. Instead of merely hovering over the link, this time you had to actually click on the link. The security aspects of preventing it need to be seriously considered by Twitter as part of a solid security review, and the sooner they start the better.


Internet Technology

Twitter users subjected to worms

Certain Twitter users, which it seems means the vast majority, have found they were vulnerable to a cross-site scripting (XSS) vulnerability in the Twitter software. It allowed a self-replicating worm to be generated on the site that spread very rapidly across many users; at its peak, around 100 replications a second were being generated.

The result varied from harmless messages to more dubious redirects. The most amusing of these would perhaps have been former prime minister's wife Sarah Brown's Twitter account redirecting people to pornographic accounts. She has around 1.1 million followers. I would not be in the slightest surprised should 1.05 million of those have actually taken up the vulnerability, spreading it further whilst visiting the Japanese porn sites. I am sure we really don't want to know what she ended up linking to! She updated her feed shortly afterwards to say sorry; I wonder if she took the opportunity to have a nosey herself.

This kind of security breach is relatively straightforward to resolve, and given the size and popularity of Twitter, it is a surprise that no one ever considered the security aspects of user input! In the security world, users should never be trusted; they are out to get you!

The most interesting thing about these kinds of problems is that they are relatively straightforward to deal with: simply presume from the outset of the project that your users will go out of their way to destroy your system. It's true: users will sooner or later find ways to break the system, either deliberately and maliciously or through sheer accidental foolishness. As a developer you need to think about these problems. Think about encoding raw input if you do not need to do any processing on it; that'll easily prevent a SQL injection. Or verify before inserting that it is in an expected format: a date should have 3 parts to it separated by a separator such as "/", so if you get 3 "/" and 4 sets of numbers then it can't possibly be a valid date, now can it?
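The checks described above, as an added example that is not part of the original post: the date is accepted only if it has exactly three numeric parts, the insert uses bound parameters so the text stays data, and the stored text is HTML-encoded when it is written back into a page. The function names, table layout, day/month/year order and sample submissions are all assumptions made for illustration.

```python
import html
import re
import sqlite3
from datetime import date

# Exactly three ASCII digit groups separated by "/" (day/month/year order is assumed).
DATE_RE = re.compile(r"(\d{1,2})/(\d{1,2})/(\d{4})", re.ASCII)

def parse_date(raw):
    """Return a date for a well-formed d/m/yyyy string, otherwise None."""
    m = DATE_RE.fullmatch(raw)
    if m is None:
        return None  # e.g. "1/2/3/4": four groups, so it cannot be a date
    day, month, year = (int(g) for g in m.groups())
    try:
        return date(year, month, day)  # rejects impossible dates such as 31/02/2010
    except ValueError:
        return None

def store_status(db, raw_date, status):
    """Validate the date, then insert with bound parameters, never string concatenation."""
    when = parse_date(raw_date)
    if when is None:
        return False
    db.execute("INSERT INTO statuses (posted, body) VALUES (?, ?)",
               (when.isoformat(), status))
    return True

def render_statuses(db):
    """Encode every stored body at output time so markup in it is shown, not executed."""
    rows = db.execute("SELECT posted, body FROM statuses ORDER BY rowid")
    return ["<p>%s: %s</p>" % (html.escape(posted), html.escape(body, quote=True))
            for posted, body in rows]

def demo():
    """Run constructed sample submissions through validation, storage and rendering."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE statuses (posted TEXT, body TEXT)")
    samples = [  # constructed inputs, not taken from the incident
        ("21/09/2010", 'hello <b onmouseover="x">world</b>'),
        ("1/2/3/4", "rejected: too many date parts"),
        ("21/09/2010", "quote ' and ); stay data"),
    ]
    accepted = [store_status(db, d, s) for d, s in samples]
    return accepted, render_statuses(db)

if __name__ == "__main__":
    print(demo())
```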

The Independent